1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "privacy_manager_proxy.h"
17
18 #include "accesstoken_log.h"
19 #include "privacy_error.h"
20
21 namespace OHOS {
22 namespace Security {
23 namespace AccessToken {
24 namespace {
25 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
26 LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyManagerProxy"
27 };
28
29 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
30 static const int MAX_SEC_COMP_ENHANCE_SIZE = 1000;
31 #endif
32 }
33
PrivacyManagerProxy(const sptr<IRemoteObject> & impl)34 PrivacyManagerProxy::PrivacyManagerProxy(const sptr<IRemoteObject>& impl)
35 : IRemoteProxy<IPrivacyManager>(impl) {
36 }
37
~PrivacyManagerProxy()38 PrivacyManagerProxy::~PrivacyManagerProxy()
39 {}
40
AddPermissionUsedRecord(AccessTokenID tokenID,const std::string & permissionName,int32_t successCount,int32_t failCount,bool asyncMode)41 int32_t PrivacyManagerProxy::AddPermissionUsedRecord(AccessTokenID tokenID, const std::string& permissionName,
42 int32_t successCount, int32_t failCount, bool asyncMode)
43 {
44 MessageParcel addData;
45 addData.WriteInterfaceToken(IPrivacyManager::GetDescriptor());
46 if (!addData.WriteUint32(tokenID)) {
47 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
48 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
49 }
50 if (!addData.WriteString(permissionName)) {
51 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
52 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
53 }
54 if (!addData.WriteInt32(successCount)) {
55 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteUint32(successCount)");
56 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
57 }
58 if (!addData.WriteInt32(failCount)) {
59 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteUint32(failCount)");
60 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
61 }
62
63 MessageParcel reply;
64 if (!SendRequest(PrivacyInterfaceCode::ADD_PERMISSION_USED_RECORD, addData, reply, asyncMode)) {
65 return PrivacyError::ERR_SERVICE_ABNORMAL;
66 }
67 int32_t result = reply.ReadInt32();
68 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
69 return result;
70 }
71
StartUsingPermission(AccessTokenID tokenID,const std::string & permissionName)72 int32_t PrivacyManagerProxy::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName)
73 {
74 MessageParcel startData;
75 startData.WriteInterfaceToken(IPrivacyManager::GetDescriptor());
76 if (!startData.WriteUint32(tokenID)) {
77 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
78 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
79 }
80 if (!startData.WriteString(permissionName)) {
81 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
82 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
83 }
84
85 MessageParcel reply;
86 if (!SendRequest(PrivacyInterfaceCode::START_USING_PERMISSION, startData, reply)) {
87 return PrivacyError::ERR_SERVICE_ABNORMAL;
88 }
89
90 int32_t result = reply.ReadInt32();
91 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
92 return result;
93 }
94
StartUsingPermission(AccessTokenID tokenID,const std::string & permissionName,const sptr<IRemoteObject> & callback)95 int32_t PrivacyManagerProxy::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName,
96 const sptr<IRemoteObject>& callback)
97 {
98 MessageParcel data;
99 data.WriteInterfaceToken(IPrivacyManager::GetDescriptor());
100 if (!data.WriteUint32(tokenID)) {
101 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
102 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
103 }
104 if (!data.WriteString(permissionName)) {
105 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
106 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
107 }
108 if (!data.WriteRemoteObject(callback)) {
109 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write remote object.");
110 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
111 }
112
113 MessageParcel reply;
114 if (!SendRequest(PrivacyInterfaceCode::START_USING_PERMISSION_CALLBACK, data, reply)) {
115 ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest fail");
116 return PrivacyError::ERR_SERVICE_ABNORMAL;
117 }
118
119 int32_t result = reply.ReadInt32();
120 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
121 return result;
122 }
123
StopUsingPermission(AccessTokenID tokenID,const std::string & permissionName)124 int32_t PrivacyManagerProxy::StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName)
125 {
126 MessageParcel stopData;
127 stopData.WriteInterfaceToken(IPrivacyManager::GetDescriptor());
128 if (!stopData.WriteUint32(tokenID)) {
129 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
130 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
131 }
132 if (!stopData.WriteString(permissionName)) {
133 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
134 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
135 }
136
137 MessageParcel reply;
138 if (!SendRequest(PrivacyInterfaceCode::STOP_USING_PERMISSION, stopData, reply)) {
139 return PrivacyError::ERR_SERVICE_ABNORMAL;
140 }
141
142 int32_t result = reply.ReadInt32();
143 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
144 return result;
145 }
146
RemovePermissionUsedRecords(AccessTokenID tokenID,const std::string & deviceID)147 int32_t PrivacyManagerProxy::RemovePermissionUsedRecords(AccessTokenID tokenID, const std::string& deviceID)
148 {
149 MessageParcel data;
150 data.WriteInterfaceToken(IPrivacyManager::GetDescriptor());
151 if (!data.WriteUint32(tokenID)) {
152 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteUint32(%{public}d)", tokenID);
153 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
154 }
155 if (!data.WriteString(deviceID)) {
156 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteString(deviceID)");
157 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
158 }
159
160 MessageParcel reply;
161 if (!SendRequest(PrivacyInterfaceCode::DELETE_PERMISSION_USED_RECORDS, data, reply)) {
162 return PrivacyError::ERR_SERVICE_ABNORMAL;
163 }
164
165 int32_t result = reply.ReadInt32();
166 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
167 return result;
168 }
169
GetPermissionUsedRecords(const PermissionUsedRequestParcel & request,PermissionUsedResultParcel & result)170 int32_t PrivacyManagerProxy::GetPermissionUsedRecords(const PermissionUsedRequestParcel& request,
171 PermissionUsedResultParcel& result)
172 {
173 MessageParcel data;
174 data.WriteInterfaceToken(IPrivacyManager::GetDescriptor());
175 if (!data.WriteParcelable(&request)) {
176 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteParcelable(request)");
177 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
178 }
179
180 MessageParcel reply;
181 if (!SendRequest(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS, data, reply)) {
182 return PrivacyError::ERR_SERVICE_ABNORMAL;
183 }
184
185 int32_t ret = reply.ReadInt32();
186 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", ret);
187 if (ret != RET_SUCCESS) {
188 return ret;
189 }
190 sptr<PermissionUsedResultParcel> resultSptr = reply.ReadParcelable<PermissionUsedResultParcel>();
191 if (resultSptr == nullptr) {
192 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable fail");
193 return PrivacyError::ERR_READ_PARCEL_FAILED;
194 }
195 result = *resultSptr;
196 return ret;
197 }
198
GetPermissionUsedRecords(const PermissionUsedRequestParcel & request,const sptr<OnPermissionUsedRecordCallback> & callback)199 int32_t PrivacyManagerProxy::GetPermissionUsedRecords(const PermissionUsedRequestParcel& request,
200 const sptr<OnPermissionUsedRecordCallback>& callback)
201 {
202 MessageParcel data;
203 data.WriteInterfaceToken(IPrivacyManager::GetDescriptor());
204 if (!data.WriteParcelable(&request)) {
205 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteParcelable(request)");
206 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
207 }
208 if (!data.WriteRemoteObject(callback->AsObject())) {
209 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteRemoteObject(callback)");
210 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
211 }
212
213 MessageParcel reply;
214 if (!SendRequest(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS_ASYNC, data, reply)) {
215 return PrivacyError::ERR_SERVICE_ABNORMAL;
216 }
217
218 int32_t result = reply.ReadInt32();
219 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
220 return result;
221 }
222
RegisterPermActiveStatusCallback(std::vector<std::string> & permList,const sptr<IRemoteObject> & callback)223 int32_t PrivacyManagerProxy::RegisterPermActiveStatusCallback(
224 std::vector<std::string>& permList, const sptr<IRemoteObject>& callback)
225 {
226 MessageParcel data;
227 if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) {
228 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken.");
229 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
230 }
231
232 uint32_t listSize = permList.size();
233 if (!data.WriteUint32(listSize)) {
234 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write listSize");
235 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
236 }
237 for (uint32_t i = 0; i < listSize; i++) {
238 if (!data.WriteString(permList[i])) {
239 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permList[%{public}d], %{public}s", i, permList[i].c_str());
240 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
241 }
242 }
243
244 if (!data.WriteRemoteObject(callback)) {
245 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write remote object.");
246 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
247 }
248 MessageParcel reply;
249 if (!SendRequest(PrivacyInterfaceCode::REGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK, data, reply)) {
250 return PrivacyError::ERR_SERVICE_ABNORMAL;
251 }
252
253 int32_t result = reply.ReadInt32();
254 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
255 return result;
256 }
257
UnRegisterPermActiveStatusCallback(const sptr<IRemoteObject> & callback)258 int32_t PrivacyManagerProxy::UnRegisterPermActiveStatusCallback(const sptr<IRemoteObject>& callback)
259 {
260 MessageParcel data;
261 if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) {
262 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken.");
263 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
264 }
265 if (!data.WriteRemoteObject(callback)) {
266 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write remote object.");
267 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
268 }
269 MessageParcel reply;
270 if (!SendRequest(
271 PrivacyInterfaceCode::UNREGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK, data, reply)) {
272 return PrivacyError::ERR_SERVICE_ABNORMAL;
273 }
274
275 int32_t result = reply.ReadInt32();
276 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
277 return result;
278 }
279
IsAllowedUsingPermission(AccessTokenID tokenID,const std::string & permissionName)280 bool PrivacyManagerProxy::IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName)
281 {
282 MessageParcel data;
283 MessageParcel reply;
284 if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) {
285 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken.");
286 return false;
287 }
288 if (!data.WriteUint32(tokenID)) {
289 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteUint32(%{public}d)", tokenID);
290 return false;
291 }
292 if (!data.WriteString(permissionName)) {
293 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteString(%{public}s)", permissionName.c_str());
294 return false;
295 }
296 if (!SendRequest(PrivacyInterfaceCode::IS_ALLOWED_USING_PERMISSION, data, reply)) {
297 return PrivacyError::ERR_SERVICE_ABNORMAL;
298 }
299
300 bool result = reply.ReadBool();
301 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
302 return result;
303 }
304
305 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
RegisterSecCompEnhance(const SecCompEnhanceDataParcel & enhance)306 int32_t PrivacyManagerProxy::RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhance)
307 {
308 MessageParcel data;
309 MessageParcel reply;
310 if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) {
311 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken.");
312 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
313 }
314
315 if (!data.WriteParcelable(&enhance)) {
316 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write parcel.");
317 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
318 }
319
320 if (!SendRequest(PrivacyInterfaceCode::REGISTER_SEC_COMP_ENHANCE, data, reply)) {
321 return PrivacyError::ERR_SERVICE_ABNORMAL;
322 }
323
324 int32_t result = reply.ReadInt32();
325 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
326 return result;
327 }
328
GetSecCompEnhance(int32_t pid,SecCompEnhanceDataParcel & enhanceParcel)329 int32_t PrivacyManagerProxy::GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel)
330 {
331 MessageParcel data;
332 MessageParcel reply;
333 if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) {
334 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken.");
335 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
336 }
337 if (!data.WriteInt32(pid)) {
338 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteInt32(%{public}d)", pid);
339 return false;
340 }
341 if (!SendRequest(PrivacyInterfaceCode::GET_SEC_COMP_ENHANCE, data, reply)) {
342 return PrivacyError::ERR_SERVICE_ABNORMAL;
343 }
344
345 int32_t result = reply.ReadInt32();
346 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
347 if (result != RET_SUCCESS) {
348 return result;
349 }
350
351 sptr<SecCompEnhanceDataParcel> parcel = reply.ReadParcelable<SecCompEnhanceDataParcel>();
352 if (parcel != nullptr) {
353 enhanceParcel = *parcel;
354 }
355 return result;
356 }
357
GetSpecialSecCompEnhance(const std::string & bundleName,std::vector<SecCompEnhanceDataParcel> & enhanceParcelList)358 int32_t PrivacyManagerProxy::GetSpecialSecCompEnhance(const std::string& bundleName,
359 std::vector<SecCompEnhanceDataParcel>& enhanceParcelList)
360 {
361 MessageParcel data;
362 MessageParcel reply;
363 if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) {
364 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken.");
365 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
366 }
367
368 if (!data.WriteString(bundleName)) {
369 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write string.");
370 return PrivacyError::ERR_WRITE_PARCEL_FAILED;
371 }
372
373 if (!SendRequest(PrivacyInterfaceCode::GET_SPECIAL_SEC_COMP_ENHANCE, data, reply)) {
374 return PrivacyError::ERR_SERVICE_ABNORMAL;
375 }
376
377 int32_t result = reply.ReadInt32();
378 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
379 if (result != RET_SUCCESS) {
380 return result;
381 }
382
383 uint32_t size = reply.ReadUint32();
384 if (size > MAX_SEC_COMP_ENHANCE_SIZE) {
385 ACCESSTOKEN_LOG_ERROR(LABEL, "size = %{public}d get from request is invalid", size);
386 return PrivacyError::ERR_OVERSIZE;
387 }
388 for (uint32_t i = 0; i < size; i++) {
389 sptr<SecCompEnhanceDataParcel> parcel = reply.ReadParcelable<SecCompEnhanceDataParcel>();
390 if (parcel != nullptr) {
391 enhanceParcelList.emplace_back(*parcel);
392 }
393 }
394 return result;
395 }
396 #endif
397
SendRequest(PrivacyInterfaceCode code,MessageParcel & data,MessageParcel & reply,bool asyncMode)398 bool PrivacyManagerProxy::SendRequest(
399 PrivacyInterfaceCode code, MessageParcel& data, MessageParcel& reply, bool asyncMode)
400 {
401 int flag = 0;
402 if (asyncMode) {
403 flag = static_cast<int>(MessageOption::TF_ASYNC);
404 } else {
405 flag = static_cast<int>(MessageOption::TF_SYNC);
406 }
407 MessageOption option(flag);
408 sptr<IRemoteObject> remote = Remote();
409 if (remote == nullptr) {
410 ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
411 return false;
412 }
413
414 int32_t result = remote->SendRequest(static_cast<uint32_t>(code), data, reply, option);
415 if (result != NO_ERROR) {
416 ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest(code=%{public}d) fail, result: %{public}d", code, result);
417 return false;
418 }
419 return true;
420 }
421 } // namespace AccessToken
422 } // namespace Security
423 } // namespace OHOS
424